2. Data subjects

The employees of Saija Oy, partners, current and potential customers

3. Basis for processing data and purpose of registry

The personal data will be collected based on partner contracts or actual customer relations or the fact that the subject has somewhere else given consent to have data collected and processed (for ex. on a questionnaire when asked for a permission for marketing). The personal data will be collected and processed for the purpose of handling Saija Oy's partner and customer relations, customer service, marketing communications and direct marketing (if the data subjects have given a permission).

4. Content of register

Data entered in the system:

Contact information

name and for corporations, also the name of the corporation

date of birth or social security numer or corporate ID

adress

email

phone number

Customer information

sales data of products and services

5. Rights of data subject

The data subject has the following rights (for application, please contactinfo@saija.fi):

Access to information

The data subjects have the right to request access to the information we have on them.

Information Correction

If the data subjects believe that the information we have about them is incorrect, they are welcome to contact us so we can update it and keep their data accurate.

Right to object

The data subjects have the right to object to processing of personal data concerning them, if they believe that their data has been processed against the law.

Decline of direct marketing

The data subjects have the right to decline use of the collected data for direct marketing.

Right to erasure

The data subjects have the right to be forgotten. They may ask for deletion of the data, if they believe the storage of the data is no longer necessary. After reception of a request for deletion, we will either delete the requested data or we will inform about a well-grounded reason, why the data can not be deleted.

To be noticed: Due to the law or some other regulation, the Controller may have the right to decline the request. The Controller is due to the [finnish] Accounting Law (Chapter 2, 10 §) obligated to perserve company bookkeeping material for a spesific period (10 years). Therefore the data related to bookkeeping can not be deleted before expiration of the period.

Right to decline consent

If processing of data is only based on a consent the subject has given, and not for ex. on customership or membership, the data subject may decline the consent.

Right to complain to Data Protection Ombudsman

The data subjects have the right to complain to the Data Protection Ombudsman if they believe that we are processing the personal data against the current GDPR legislation. They also have the right to request the restriction of the processing of contentious personal data until the issue has been solved.

6. Regular sources of information

from the subjects themselves when establishing the customer or partner relation

from the subjects themselves through a questionnaire on the internet or through some other questionnaire

through partners

7. Regular data disclosure

Data are usually not disclosed for marketing purposes to any third party.

Only for maintenance of our services we disclose data to the occupational health services (concerning the employees of Saija Oy), the service provider of hotel management software and the service provider of website and newsletter templates.

We have ensured that our service providers conform the GDPR legislation.

8. Period for which data will be stored

The personal data of the employees of Saija Oy will be stored for a period determined by law and regulations. Other personal data will be stored for 5 years after the latest contact. The data subjects may however ask for delition of their data already earlier.

9. Processor of collected data

The processors are the employees of Saija Oy.

The controller and its employees process the personal data. We may also give the permission to a third party, partially to take care of processing. In that case we ensure through contracts that the personal data will be processed in an adequate way and according the current GDPR legislation.

10. Transfer of data outside the EU or EEA

The register data are not transferred outside the EU or EEA.

11. Automated decision making and profiling

We don't use personal data to make automated decisions or profiling.

12. Cookies

Cookies are usually small text files, sent to the server by the website and saved on the user’s device. Cookies are used in order to identify the user to improve the user-friendliness of the website. The text files include a little amount of information, which can be read by server when you visit the same website again. Some of the cookies are necessary for browsing a website. Others are useful for the website visitors, because they help browsing for example by remembering your user name or the language settings which were chosen. With the help of these cookies, we can identify your web browser and use the gathered information for analysis and development of our website. This will be done to improve our services to a better respond the needs of website visitors.

With these cookies, we track, among other things, the IP addresses, the time of the visit, the sites visited and the time used in the website, the browser type, the operating system, how visitors are directed to the site, to which web address they move after the visit and which web server the visitors have come from.